Docs: New index for permissions
This commit is contained in:
parent
a2918d5689
commit
b68e64629a
|
@ -5,17 +5,17 @@ particular group or project. If a user is both in a group's project and the
|
||||||
project itself, the highest permission level is used.
|
project itself, the highest permission level is used.
|
||||||
|
|
||||||
On public and internal projects the Guest role is not enforced. All users will
|
On public and internal projects the Guest role is not enforced. All users will
|
||||||
be able to create issues, leave comments, and pull or download the project code.
|
be able to create issues, leave comments, and clone or download the project code.
|
||||||
|
|
||||||
When a member leaves the team the all assigned Issues and Merge Requests
|
When a member leaves the team all the assigned [Issues](project/issues/index.md) and [Merge Requests](project/merge_requests/index.md)
|
||||||
will be unassigned automatically.
|
will be unassigned automatically.
|
||||||
|
|
||||||
GitLab administrators receive all permissions.
|
GitLab [administrators](../README.md#administrator-documentation) receive all permissions.
|
||||||
|
|
||||||
To add or import a user, you can follow the
|
To add or import a user, you can follow the
|
||||||
[project members documentation](../user/project/members/index.md).
|
[project members documentation](../user/project/members/index.md).
|
||||||
|
|
||||||
## Project
|
## Project members permissions
|
||||||
|
|
||||||
The following table depicts the various user permission levels in a project.
|
The following table depicts the various user permission levels in a project.
|
||||||
|
|
||||||
|
@ -75,7 +75,58 @@ The following table depicts the various user permission levels in a project.
|
||||||
| Remove protected branches [^3] | | | | | |
|
| Remove protected branches [^3] | | | | | |
|
||||||
| Remove pages | | | | | ✓ |
|
| Remove pages | | | | | ✓ |
|
||||||
|
|
||||||
## Group
|
## Project features permissions
|
||||||
|
|
||||||
|
### Wiki and issues
|
||||||
|
|
||||||
|
Project features like wiki and issues can be hidden from users depending on
|
||||||
|
which visibility level you select on project settings.
|
||||||
|
|
||||||
|
- Disabled: disabled for everyone
|
||||||
|
- Only team members: only team members will see even if your project is public or internal
|
||||||
|
- Everyone with access: everyone can see depending on your project visibility level
|
||||||
|
|
||||||
|
### Protected branches
|
||||||
|
|
||||||
|
To prevent people from messing with history or pushing code without
|
||||||
|
review, we've created protected branches. Read through the documentation on
|
||||||
|
[protected branches](project/protected_branches.md)
|
||||||
|
to learn more.
|
||||||
|
|
||||||
|
Additionally, you can allow or forbid users with Master and/or
|
||||||
|
Developer permissions to push to a protected branch. Read through the documentation on
|
||||||
|
[Allowed to Merge and Allowed to Push settings](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings)
|
||||||
|
to learn more.
|
||||||
|
|
||||||
|
### Cycle Analytics permissions
|
||||||
|
|
||||||
|
Find the current permissions on the Cycle Analytics dashboard on
|
||||||
|
the [documentation on Cycle Analytics permissions](project/cycle_analytics.md#permissions).
|
||||||
|
|
||||||
|
### Issue Board permissions
|
||||||
|
|
||||||
|
Developers and users with higher permission level can use all
|
||||||
|
the functionality of the Issue Board, that is create/delete lists
|
||||||
|
and drag issues around. Read though the
|
||||||
|
[documentation on Issue Boards permissions](project/issue_board.md#permissions)
|
||||||
|
to learn more.
|
||||||
|
|
||||||
|
### File Locking permissions (EEP)
|
||||||
|
|
||||||
|
The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.
|
||||||
|
|
||||||
|
Read through the documentation on [permissions for File Locking](https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking) to learn more.
|
||||||
|
|
||||||
|
File Locking is available in
|
||||||
|
[GitLab Enterprise Edition Premium](https://about.gitlab.com/gitlab-ee/) only.
|
||||||
|
|
||||||
|
### Confidential Issues permissions
|
||||||
|
|
||||||
|
Confidential issues can be accessed by reporters and higher permission levels,
|
||||||
|
as well as by guest users that create a confidential issue. To learn more,
|
||||||
|
read through the documentation on [permissions and access to confidential issues](project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues).
|
||||||
|
|
||||||
|
## Group members permissions
|
||||||
|
|
||||||
Any user can remove themselves from a group, unless they are the last Owner of
|
Any user can remove themselves from a group, unless they are the last Owner of
|
||||||
the group. The following table depicts the various user permission levels in a
|
the group. The following table depicts the various user permission levels in a
|
||||||
|
@ -91,7 +142,16 @@ group.
|
||||||
| Remove group | | | | | ✓ |
|
| Remove group | | | | | ✓ |
|
||||||
| Manage group labels | | ✓ | ✓ | ✓ | ✓ |
|
| Manage group labels | | ✓ | ✓ | ✓ | ✓ |
|
||||||
|
|
||||||
## External Users
|
### Subgroup permissions
|
||||||
|
|
||||||
|
When you add a member to a subgroup, they inherit the membership and
|
||||||
|
permission level from the parent group. This model allows access to
|
||||||
|
nested groups if you have membership in one of its parents.
|
||||||
|
|
||||||
|
To learn more, read through the documentation on
|
||||||
|
[subgroups memberships](group/subgroups/index.md#membership).
|
||||||
|
|
||||||
|
## External users permissions
|
||||||
|
|
||||||
In cases where it is desired that a user has access only to some internal or
|
In cases where it is desired that a user has access only to some internal or
|
||||||
private projects, there is the option of creating **External Users**. This
|
private projects, there is the option of creating **External Users**. This
|
||||||
|
@ -115,18 +175,9 @@ will find the option to flag the user as external.
|
||||||
By default new users are not set as external users. This behavior can be changed
|
By default new users are not set as external users. This behavior can be changed
|
||||||
by an administrator under **Admin > Application Settings**.
|
by an administrator under **Admin > Application Settings**.
|
||||||
|
|
||||||
## Project features
|
## GitLab CI/CD permissions
|
||||||
|
|
||||||
Project features like wiki and issues can be hidden from users depending on
|
GitLab CI/CD permissions rely on the role the user has in GitLab. There are four
|
||||||
which visibility level you select on project settings.
|
|
||||||
|
|
||||||
- Disabled: disabled for everyone
|
|
||||||
- Only team members: only team members will see even if your project is public or internal
|
|
||||||
- Everyone with access: everyone can see depending on your project visibility level
|
|
||||||
|
|
||||||
## GitLab CI
|
|
||||||
|
|
||||||
GitLab CI permissions rely on the role the user has in GitLab. There are four
|
|
||||||
permission levels in total:
|
permission levels in total:
|
||||||
|
|
||||||
- admin
|
- admin
|
||||||
|
@ -134,7 +185,7 @@ permission levels in total:
|
||||||
- developer
|
- developer
|
||||||
- guest/reporter
|
- guest/reporter
|
||||||
|
|
||||||
The admin user can perform any action on GitLab CI in scope of the GitLab
|
The admin user can perform any action on GitLab CI/CD in scope of the GitLab
|
||||||
instance and project. In addition, all admins can use the admin interface under
|
instance and project. In addition, all admins can use the admin interface under
|
||||||
`/admin/runners`.
|
`/admin/runners`.
|
||||||
|
|
||||||
|
@ -150,7 +201,7 @@ instance and project. In addition, all admins can use the admin interface under
|
||||||
| See events in the system | | | | ✓ |
|
| See events in the system | | | | ✓ |
|
||||||
| Admin interface | | | | ✓ |
|
| Admin interface | | | | ✓ |
|
||||||
|
|
||||||
### Jobs permissions
|
### Job permissions
|
||||||
|
|
||||||
>**Note:**
|
>**Note:**
|
||||||
GitLab 8.12 has a completely redesigned job permissions system.
|
GitLab 8.12 has a completely redesigned job permissions system.
|
||||||
|
@ -174,6 +225,26 @@ users:
|
||||||
| Push container images to current project | | ✓ | ✓ | ✓ |
|
| Push container images to current project | | ✓ | ✓ | ✓ |
|
||||||
| Push container images to other projects | | | | |
|
| Push container images to other projects | | | | |
|
||||||
|
|
||||||
|
### New CI job permissions model
|
||||||
|
|
||||||
|
GitLab 8.12 has a completely redesigned job permissions system. To learn more,
|
||||||
|
read through the documentation on the [new CI/CD permissions model](project/new_ci_build_permissions_model.md#new-ci-job-permissions-model).
|
||||||
|
|
||||||
|
## LDAP users permissions
|
||||||
|
|
||||||
|
Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
|
||||||
|
Read through the documentation on [LDAP users permissions](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/index.html#updating-user-permissions-new-feature) to learn more.
|
||||||
|
|
||||||
|
## Auditor users permissions (EEP)
|
||||||
|
|
||||||
|
An Auditor user should be able to access all projects and groups of a GitLab instance
|
||||||
|
with the permissions described on the documentation on [auditor users permissions](https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user).
|
||||||
|
|
||||||
|
Auditor users are available in [GitLab Enterprise Edition Premium](https://about.gitlab.com/gitlab-ee/)
|
||||||
|
only.
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
[^1]: Guest users can only view the confidential issues they created themselves
|
[^1]: Guest users can only view the confidential issues they created themselves
|
||||||
[^2]: If **Public pipelines** is enabled in **Project Settings > Pipelines**
|
[^2]: If **Public pipelines** is enabled in **Project Settings > Pipelines**
|
||||||
[^3]: Not allowed for Guest, Reporter, Developer, Master, or Owner
|
[^3]: Not allowed for Guest, Reporter, Developer, Master, or Owner
|
||||||
|
|
Loading…
Reference in New Issue